Google retires Chrome extension inline installations

[debebee]

Google retires Chrome extension inline installations
Martin Brinkmann

 

Google announced yesterday that it will retire inline installations of Google Chrome extensions starting with Chrome 71 in December 2018.

 

Chrome extension developers are required to add their extensions to the Chrome Web Store but they could distribute it using inline installations up until now.

Inline installations fire on third-party websites; Chrome users get the installation prompts on these websites and can install the browser extension without having to visit the Chrome web store first.

 

The direct installation may save the user a click or two but it led to all kinds of abuse as well. While the system has been used by legitimate companies and developers to provide extension installations directly from websites they operate, it has been abused by crooks as well.

chrome inline installation dialog

 

The inline installation prompt displays only some information to the user. It displays the name of the extension, its rating and number of votes, and number of users. The prompt lists extra permissions that the extension requests, and includes a link to the Chrome Web Store next to that.

 

The prompt omits information such as the extension's description, user reviews, and developer information.

 

We have suggested for years that users need to verify Chrome extensions before installation, and that users should take a number of precautions as well.

Google notes in its announcement that inline installed extensions have a higher user complaint ratio and are uninstalled significantly more often than extensions installed from the Web Store. The company goes on to explain that the "Chrome Web Store plays a critical role in ensuring that users can make informed decisions about whether to install an extension".

 

The company promised to do something against deceptive inline installations in January 2018 and revealed that fewer than 3% of extensions used deceptive or confusing install flows and that these 3% account for more than 90% of user complaints.

 

Google wanted to use machine learning back in January 2018 to combat deceptive or confusing inline installations but yesterday's announcement suggests that this did not yield the desired results.

 

The company and its users experienced wave after wave of issues with malicious or deceptive Chrome extensions. Criminals managed time and time again to plant malicious or fake extensions in the Chrome Web Store,

 

Retiring inline installations

• Google plans to roll out the change in three phases starting June 12, 2018 and ending in December 2018.
• New published extensions cannot be distributed as inline installations anymore. If extensions use the function, users are redirected automatically to the Chrome Web Store in a new tab.
• From September 12, 2018 on, inline installations will be disabled for all existing extensions as well. Users will be redirected to the Chrome Web Store.
• The inline install API will be removed in Chrome 71 in December 2018 (no more redirects after this point).
• Extension developers who use inline installations currently need to change the install buttons on their web properties before Chrome 71's release in December so that they link to the Chrome Web Store instead.

 

Closing Words

While inline installations of extensions accounted for a large part of user complaints and issues, one needs to remember that all of the extensions installed this way were hosted in the Web Store as well.

 

It may be more difficult for malicious actors to get users to install their extensions directly from the Web Store. Google has not published information about the ratio of installs. One thing is

certain: while the retiring of inline Chrome extension installations will have a positive impact, it won't suddenly free the Chrome Web Store from user tracking or outright malicious extensions.

 

Source: https://www.ghacks.net/2018/06/13/google-retires-chrome-extension-inline-installations/

 

 

.....SO CHROME FOLLOWS FIREFOX

[steven36]

No more being  able too install dev versions of ublock  , YouTube addons  , and other stuff they ban from the store the difference in Firefox doing it is they work with devs  and don't  ban addons unless there malicious . But Google are evil and they will  use it to kill useful addons that this was the only way we can install them . They have all kinds of addons they ban from there store that Firefox allows.

[Rekkio]

6 hours ago, steven36 said:

No more being  able too install dev versions of ublock  , YouTube addons  , and other stuff they ban from the store the difference in Firefox doing it is they work with devs  and don't  ban addons unless there malicious . But Google are evil and they will  use it to kill useful addons that this was the only way we can install them . They have all kinds of addons they ban from there store that Firefox allows.

 

This is common practice among browser vendors:

 

Banning addons that are deemed too effective.

 

The first step before triggering their evil plan was to trick people into accepting a mandatory signature enforcement on all browser addons 'for their security'.

 

Then once they trick people into believing them, they start removing key API components used mainly by the adversarial effective addons.

 

After they've made sure the Privacy addons won't work anyway, they go on a massive Store purge.

 

The browser vendor since signature enforcement is now the sole Authority over what you can and cannot run.

 

Want to install an aggressive, efficient Privacy addon you've made ? Oops, it's not signed by Mozilla / Google so you won't run that anyway

 

Their next move is to make their browsers complacent at the very core in order to completely nullout any opposition.

 

It's already happening: (both Chrome & Firefox)

 

The introduction of DRM, the removal of key Advanced settings, removal of cookie management, removal of plugin click-to-play / Ask-to-run, etc.

 

Mozilla is no less evil than Google.

 

They do this with malice, with a malicious intent: they know what they're doing is wrong and it's done on purpose.

 

 

[steven36]

44 minutes ago, Rekkio said:

It's already happening: (both Chrome & Firefox)

 

The introduction of DRM, the removal of key Advanced settings, removal of cookie management, removal of plugin click-to-play / Ask-to-run, etc.

 

Mozilla is no less evil than Google.

 

They do this with malice, with a malicious intent: they know what they're doing is wrong and it's done on purpose.

You can use EME-free Firefox or DRM Free Chromium (web browser) in windows.  They reason they  put DRM browsers in Firefox  for Linux was for years people were having to install Chorme to watch netfilx  . Shoot you even have to use DRM  to listen to free Spotify the apps are all full of ads and crap with a web browser you can block the ads.

 

In 2020 all flash is phased out and all protected media will use  DRM HTML5  so they have no choice but  to use the w3c stranded as they make the rules not  Mozilla because  they invented  the www  its  not Mozilla's  fault that the w3c sides with using Google's DRM.  Lol  use DRM or get infected using flash nether is a great choice.

 

Quote

With most competing browsers and the content industry embracing the W3C EME specification, Mozilla has little choice but to implement EME as well so our users can continue to access all content they want to enjoy. Read on for some background on how we got here, and details of our implementation.

https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/

 

As far as cookie management try  cookiebro it lets you blacklist  and whitelist cookies 

https://nodetics.com/cookiebro/

[DKT27]

In Firefox, one is allowed to add urls from where one can download addons from I think.